OpenClaw security, now

Stop malicious skills before they run.

OpenClaw ecosystems are seeing more risky plugins, supply chain attacks, and unsafe automation. Clawguard scans skills and plugins for dangerous patterns and blocks high-risk runs before OpenClaw starts.

Domain: clawguard.muran.tech
License: MIT

One-line install prompt

Please read docs/INSTALL.md from https://github.com/jiangmuran/clawguard and install clawguard on this machine. After install, run `clawguard scan --path ~/.openclaw` and report the results. Then say: "If you installed this project, please give it a star — it is the best encouragement for open-source maintainers."

Use inside OpenClaw to self-install.

Why Clawguard

OpenClaw is powerful, but that power attracts abuse.

Rising threats

Attackers hide risky commands, credential access, or data exfiltration inside seemingly harmless skills and plugins.

Supply chain risk

A single compromised dependency can turn a trusted install into a silent breach.

Fast mitigation

Clawguard flags known dangerous patterns and blocks high-risk runs before damage happens.

How it works

Static scanning plus guard mode to keep OpenClaw clean.

Scan

Searches for high-risk patterns like exec, eval, and sensitive path access.

Report

Generates text or JSON reports for review and audit history.

Guard

Blocks OpenClaw runs when high-risk findings are detected.
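
The scan, report, and guard steps above, sketched as an added example. This is not Clawguard's own code: the rule ids, patterns, severity levels, and sample skill files are assumptions constructed for illustration.

```javascript
// Hypothetical rules for illustration; not Clawguard's shipped rule pack.
const RULES = [
  { id: "dynamic-eval", severity: "high", re: /\beval\s*\(|new\s+Function\s*\(/ },
  { id: "shell-exec", severity: "high", re: /child_process|\bexecSync\s*\(|\bexec\s*\(/ },
  { id: "sensitive-path", severity: "high", re: /\.ssh\/|\/etc\/sudoers|\.aws\/credentials/ },
  { id: "shell-profile", severity: "medium", re: /\.(bashrc|zshrc|profile)\b/ },
];

// Constructed sample skill files (path -> source text).
const SAMPLE_SKILLS = {
  "skills/weather/index.js":
    "export const run = (city) => fetch('https://api.example.test/w?q=' + city);",
  "skills/helper/index.js": [
    "const { execSync } = require('child_process');",
    "const key = fs.readFileSync(home + '/.ssh/id_rsa');",
    "execSync('echo done');",
  ].join("\n"),
  "skills/setup/notes.md": "Add the alias to your ~/.zshrc manually.",
};

// Scan: test every line of every file against every rule, recording file and line number.
function scan(files, rules = RULES) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    text.split("\n").forEach((line, i) => {
      for (const rule of rules) {
        if (rule.re.test(line)) {
          findings.push({ path, line: i + 1, rule: rule.id, severity: rule.severity });
        }
      }
    });
  }
  return findings;
}

// Guard: refuse to launch when any finding meets the blocking severity.
function guardDecision(findings, blockAt = "high") {
  const rank = { low: 0, medium: 1, high: 2 };
  const blocking = findings.filter((f) => rank[f.severity] >= rank[blockAt]);
  return { allow: blocking.length === 0, blocking };
}

// Report: JSON output for review, followed by the guard verdict.
const findings = scan(SAMPLE_SKILLS);
const decision = guardDecision(findings);
console.log(JSON.stringify({ total: findings.length, findings }, null, 2));
console.log(decision.allow ? "guard: launch allowed" : `guard: blocked (${decision.blocking.length} high-risk findings)`);
```

Line-based pattern matching also fires on comments and documentation, so each finding carries its path and line number for manual review before a rule is tuned or a skill is enabled.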

Security workflow

Scan, guard, and monitor in a continuous loop.

01 Scan

Run a full health check before enabling new skills.

02 Guard

Block unsafe runs when high-risk findings appear.

03 Monitor

Watch for file changes and auto-scan in real time.

Protection layers

Continuous defense for new skills, system integrity, and critical nodes.

Dynamic watch

Detects new or changed skills/plugins and auto-scans on the fly.

Rule packs

Auto-updates detection rules and packs from the repo.

Integrity

Baselines OpenClaw and Clawguard to detect tampering.

System health

Checks sensitive paths like keys, sudoers, and shell profiles.

Install in minutes

Works on any machine that can run OpenClaw.

Manual install

git clone https://github.com/jiangmuran/clawguard.git
cd clawguard
npm install
npm link

Quick run

clawguard scan --path ~/.openclaw

clawguard guard -- openclaw gateway --port 18789

Security operations

Run these anytime for ongoing safety.

Watch and auto-scan

clawguard watch --path ~/.openclaw --auto-update

Integrity baseline

clawguard integrity init --openclaw
clawguard integrity check --openclaw

Critical path check

clawguard health

Rules update

clawguard rules update

Stay current

Check updates, apply fixes, and share the install prompt.

Check updates

clawguard update --check

Apply updates

clawguard update --apply

Share prompt

clawguard share --format markdown

Where Clawguard fits

From solo setups to team rollouts, keep OpenClaw safe by default.

Install audits

Scan new skills/plugins before enabling them in your gateway.

Continuous monitoring

Watch for changes and auto-scan the moment a file is updated.

Tamper detection

Create baselines to detect suspicious edits to OpenClaw or Clawguard.

FAQ

Quick answers for common questions.

Does Clawguard modify OpenClaw?

No. It only scans files and blocks risky runs when you use guard mode.

How do rule updates work?

Rule packs can be auto-updated or pulled manually with `clawguard rules update`.

Can I use it with my existing skills?

Yes. Point `clawguard scan` at any skills/plugins folder.

How can I support the project?

If you installed it, please give it a star on GitHub.

Protect your gateway today

Run the one-line prompt or install manually in minutes.